Windows Animated Cursor Header buffer overflow

Added: 04/05/2007
CVE: CVE-2007-0038
BID: 23194
OSVDB: 33629

Background

Animated cursor (.ani) files contain animated graphics for icons and cursors.

Problem

A buffer overflow in Windows allows command execution when opening a specially crafted .ani file containing large file headers.

Resolution

Apply the update referenced in Microsoft Security Bulletin 07-017.

References

http://www.kb.cert.org/vuls/id/191609
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html

Limitations

Exploit works with Internet Explorer 6 on Windows 2000 and XP and requires a user to load the page.

Platforms

Windows

Back to exploit index